Advisories » MGASA-2014-0150

Updated libyaml package fixes security vulnerability

Publication date: 03 Apr 2014
Modification date: 03 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2525

Description

Ivan Fratric of the Google Security Team discovered a heap-based buffer
overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter
library. A remote attacker could provide a specially-crafted YAML document
that, when parsed by an application using libyaml, would cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application (CVE-2014-2525).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13101
• http://www.debian.org/security/2014/dsa-2884
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525

SRPMS

3/core

• yaml-0.1.6-1.mga3

4/core

• yaml-0.1.6-1.mga4